[getdns-users] why do we link libgetdns.so to dlopen?
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Thu Nov 5 00:14:48 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Daniel,
On 11/04/2015 11:53 PM, W.C.A. Wijngaards wrote:
> Hi Daniel,
>
> On 11/04/2015 11:23 PM, Daniel Kahn Gillmor wrote:
>> i noticed that libgetdns.so is being linked against libdl, but i
>> don't think we're using dlopen or any of the other functions
>> exported from ldl.
>
>> fwict, ./configure is adding -ldl because of m4/acx_openssl.m4,
>> which claims:
>
>> # openssl engine functionality needs dlopen(). BAKLIBS="$LIBS"
>> AC_SEARCH_LIBS([dlopen], [dl]) if test "$LIBS" != "$BAKLIBS";
>> then LIBSSL_LIBS="$LIBSSL_LIBS -ldl" fi
Testing that, I see that for getdns and Unbound the patch is safe,
because it is tested (but more properly) in ACX_LIB_SSL.
Best regards, Wouter
>
>> However, we're not using OpenSSL Engine support directly. If
>> some library user wants to initialize openssl's engine support,
>> they should be able to do that with OpenSSL itself, and then they
>> should be able to get libcrypto and/or libssl to use libdl
>> directly.
>
> But that is not how the linker works, I understand you would like
> it to.
>
>
>> On some minimal systems, libcrypto and libssl might be built
>> without engine support at all; in that case, libgetdns is adding
>> a superfluous dependency to the linker.
>
> Regardless of what calls getdns uses, the dependency of openssl on
> libdl has to be satisfied for the linker to succeed.
>
>
>> I don't know the what the getdns policy is about tweaking the
>> files in m4/, but maybe the following patch can be safely
>> applied?
>
> No, you cannot safely apply that patch. The library will not link
> properly (at compile time or at run time, not sure) for some
> setups/platforms. Leaving out -ldl when possible would be a nice
> patch (that I would also like for unbound and NSD).
>
> Best regards, Wouter
>
>
>> diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4 index
>> 87507dc..059a670 100644 --- a/m4/acx_openssl.m4 +++
>> b/m4/acx_openssl.m4 @@ -95,12 +95,6 @@
>> AC_DEFUN([ACX_SSL_CHECKS], [ fi AC_SUBST(HAVE_SSL)
>> AC_SUBST(RUNTIME_PATH) - # openssl engine functionality needs
>> dlopen(). - BAKLIBS="$LIBS" - AC_SEARCH_LIBS([dlopen], [dl]) - if
>> test "$LIBS" != "$BAKLIBS"; then - LIBSSL_LIBS="$LIBSSL_LIBS
>> -ldl" - fi fi AC_CHECK_HEADERS([openssl/ssl.h],,,
>> [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/err.h],,,
>> [AC_INCLUDES_DEFAULT])
>
>
>> wdyt?
>
>> --dkg _______________________________________________ Users
>> mailing list Users at getdnsapi.net
>> http://getdnsapi.net/mailman/listinfo/users
>
>
> _______________________________________________ Users mailing list
> Users at getdnsapi.net http://getdnsapi.net/mailman/listinfo/users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJWOpFoAAoJEJ9vHC1+BF+NWqUP/iC5IUhep9tE2fkSoJLP7lEL
4kd1g+TdDKsSmXZChyguFQf15tYL9PlEFUMUX9RVMqGD03g22pjPuYNtCXe3Rfgz
s2G79xcw8zErlqq8mgUHzfZRBX3uGk7VyQSOqF+2sFIMlinoc61Bbrbpslxttejs
4+ZqrnKFZmhb/QYiPKdXfz7/z6Euw3NkAFm0bwOlnIW9WDVkKqVeAOvM85EiTTfx
JOBqohteAlEU4guIuD+DLIGioAkqXewfRiObXnJ/xkF8lM2O2kiUrd0VXkMBrRI3
VVYCBF/n9+u7FZhpqukDNkGjwqJCD+k5YkQAISA1iWCT+Po//KFoV7qHtC2ZA7e6
bqg1dOwmCrAQNtyglw9vWa4FOoJwwYXwE+fl09ZMfwl5/anBmcRrTsRcK4h9wD2T
d4jfWZv6V1z28zeLjQ7LhLJ0I6miT6KCsjyS+GUqThZxypqH+zMch6vUOa0moFKu
4MPJJSbrGeRE3vjofTnDrrCv75bbF2bFmTGpR1V6vfNqQWXks9yMYvC8rYpKK3GX
78g3Px3OcIgS2IB0+0g77GXW4Lq8qLBQtUZyFK8UjOhSVpOAZufERH8QPPHjNNav
Zi4WW51vtPIimEBvuZlkqeFGs9RhXdkTraPovunoUHKnH2j9xvNq1gdXMUD1DOTQ
UdYHVtMCvh2vXY7AdCwA
=Uia9
-----END PGP SIGNATURE-----
More information about the Users
mailing list